How Solvency Check Error Led to USP Depegging on Avalanche-Based Platypus Finance

Platypus Finance’s native stablecoin fell to 48 cents from $1 earlier on Friday following the attack.

Updated Feb 17, 2023, 4:33 p.m. Published Feb 17, 2023, 7:57 a.m.
(Boonchai Wedmakawand/Getty Images)

A flaw in a key pricing mechanism led to Platypus Finance’s USP stablecoin losing over 50% of its intended peg with U.S. dollars earlier on Friday, developers said.

“We regret to inform you that our protocol was hacked recently, and the attacker took advantage of a flaw in our USP solvency check mechanism,” Platypus tweeted. “They used a flashloan to exploit a logic error in the USP solvency check mechanism in the contract holding the collateral.”

The flawed solvency check led Platypus smart contracts to erroneously treat USP as fully backed, as intended. And that’s where the exploit started.

Platypus Finance, like other decentralized stablecoin exchanges, relies on smart contracts instead of middlemen for exchanging stablecoins cheaply with low slippage. The product is fairly popular, holding over $50 million in locked tokens as of Thursday.

An attack during late U.S. hours on Thursday saw exploiters use a flash-loan attack to steal over $8.5 million from Platypus, as CoinDesk reported.

Things to know

USP is a type of stablecoin. Its price is affected by how much is available in a place called the Main Pool. When more people swap other types of digital money for USP, the price may go slightly lower.

When there's less USP in the Main Pool, the price goes back up. To keep the price stable at $1, a fee is charged to people who borrow USP, and the fee increases when there is more USP in the Main Pool. This encourages people to borrow more or repay their debts.

Flash loans are a decentralized finance (DeFi)-specific mechanism allowing users to borrow large amounts of capital on little collateral as long as the loan is paid back within the same transaction.

Flash loans are not inherently bad: They are generally used by traders, but bad actors may use flash loans to trick a protocol’s smart contract into manipulating prices on liquidity pools and take over that pool’s assets.

How the attacker stole millions

Blockchain data shows the exploiter borrowed over $44 million from lending platform Aave for the flash loan, using it to supply liquidity to a trading pool on Platypus and tricking smart contracts into issuing $44 million of Platypus' LP token, called LP-USDC, in return.

All of this occurred over two transactions. These LP tokens were then deposited into a staking contract on Platypus – which issued 11,000 platypus (PTP) tokens as a staking reward.

The attacker was also able to get 41 million USP tokens using the $44 million LP tokens as collateral – as Platypus allows users to borrow USP stablecoins against their LP positions.

Blockchain data showing $44 million in a flash loan borrowed from Aave used to eventually exploit Platypus. (Snowtrace)

At this point, the attacker called an “emergencywithdraw” function on Platypus’ smart contracts to withdraw the $44 million originally provided to the Platypus liquidity pool. The solvency check error in the code failed to block the move, allowing the attacker to withdraw the tokens and repay the Aave flash loan.

However, the system did not retract the 41 million USP tokens that were issued – in turn allowing the attacker to swap them for the $8.5 million in liquidity available at that time on Platypus.
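The failure mode described above, as an added example that is not Platypus code: a toy Python vault whose emergency-withdrawal path tests solvency either with the collateral still in place (flawed) or on what remains afterwards (fixed). The article does not give the contract's exact logic, so the placement of the check, the class and method names, and the 95% borrow limit are assumptions; the 44 million and 41 million figures are the article's.

```python
BORROW_LIMIT_BPS = 9500  # assumed: debt may reach 95% of collateral value


class Vault:
    """Toy lending vault (hypothetical model, not Platypus code)."""

    def __init__(self, check_after_withdrawal):
        self.check_after_withdrawal = check_after_withdrawal
        self.collateral = {}  # user -> LP tokens posted
        self.debt = {}        # user -> stablecoin minted against them

    @staticmethod
    def solvent(collateral, debt):
        return debt * 10_000 <= collateral * BORROW_LIMIT_BPS

    def deposit(self, user, amount):
        self.collateral[user] = self.collateral.get(user, 0) + amount

    def borrow(self, user, amount):
        new_debt = self.debt.get(user, 0) + amount
        if not self.solvent(self.collateral.get(user, 0), new_debt):
            raise ValueError("borrow exceeds limit")
        self.debt[user] = new_debt

    def emergency_withdraw(self, user):
        held = self.collateral.get(user, 0)
        # Flawed mode tests the position with the collateral still in place;
        # fixed mode tests what remains once the collateral has left.
        remaining = 0 if self.check_after_withdrawal else held
        if not self.solvent(remaining, self.debt.get(user, 0)):
            raise ValueError("outstanding debt: repay before withdrawing")
        self.collateral[user] = 0
        return held

    def unbacked_debt(self):
        """Invariant to monitor: debt not covered by posted collateral."""
        return sum(
            max(0, d - self.collateral.get(u, 0) * BORROW_LIMIT_BPS // 10_000)
            for u, d in self.debt.items())


def run_sequence(vault):
    """Deposit, borrow, attempt emergency withdrawal; return unbacked debt."""
    vault.deposit("user", 44_000_000)   # figure from the article
    vault.borrow("user", 41_000_000)    # figure from the article
    try:
        vault.emergency_withdraw("user")
    except ValueError:
        pass  # fixed mode refuses while debt is outstanding
    return vault.unbacked_debt()
```

Asserting that `unbacked_debt()` stays at zero after every state-changing call is the kind of invariant test that exposes a withdrawal path skipping the post-state check.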

As of Friday, Platypus said it had contacted the attacker to negotiate a bounty in exchange for the return of the funds.

It added that relevant security parties and crypto exchanges were contacted. “We are currently working with several parties … including Binance, Tether and Circle, to freeze the funds of the hacker and prevent further losses. Right now, the USDT has been frozen.

“We are also exploring options for compensation and reimbursement for affected investors,” developers tweeted.

USP continues to lose value at the time of writing, trading at 47 cents as of Friday morning.
